rfc9259.original | rfc9259.txt | |||
---|---|---|---|---|
6man Z. Ali | Internet Engineering Task Force (IETF) Z. Ali | |||
Internet-Draft C. Filsfils | Request for Comments: 9259 C. Filsfils | |||
Intended status: Standards Track Cisco Systems | Category: Standards Track Cisco Systems | |||
Expires: July 27, 2022 S. Matsushima | ISSN: 2070-1721 S. Matsushima | |||
Softbank | Softbank | |||
D. Voyer | D. Voyer | |||
Bell Canada | Bell Canada | |||
M. Chen | M. Chen | |||
Huawei | Huawei | |||
January 23, 2022 | May 2022 | |||
Operations, Administration, and Maintenance (OAM) in Segment Routing | Operations, Administration, and Maintenance (OAM) in Segment Routing | |||
Networks with IPv6 Data plane (SRv6) | Networks with IPv6 Data Plane (SRv6) | |||
draft-ietf-6man-spring-srv6-oam-13 | ||||
Abstract | Abstract | |||
This document describes how the existing IPv6 mechanisms for ping and | This document describes how the existing IPv6 mechanisms for ping and | |||
traceroute can be used in an SRv6 network. The document also | traceroute can be used in an SRv6 network. The document also | |||
specifies the OAM flag in the Segment Routing Header (SRH) for | specifies the OAM flag (O-flag) in the Segment Routing Header (SRH) | |||
performing controllable and predictable flow sampling from segment | for performing controllable and predictable flow sampling from | |||
endpoints. In addition, the document describes how a centralized | segment endpoints. In addition, the document describes how a | |||
monitoring system performs a path continuity check between any nodes | centralized monitoring system performs a path continuity check | |||
within an SRv6 domain. | between any nodes within an SRv6 domain. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This is an Internet Standards Track document. | |||
provisions of BCP 78 and BCP 79. | ||||
Internet-Drafts are working documents of the Internet Engineering | ||||
Task Force (IETF). Note that other groups may also distribute | ||||
working documents as Internet-Drafts. The list of current Internet- | ||||
Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
Internet-Drafts are draft documents valid for a maximum of six months | This document is a product of the Internet Engineering Task Force | |||
and may be updated, replaced, or obsoleted by other documents at any | (IETF). It represents the consensus of the IETF community. It has | |||
time. It is inappropriate to use Internet-Drafts as reference | received public review and has been approved for publication by the | |||
material or to cite them other than as "work in progress." | Internet Engineering Steering Group (IESG). Further information on | |||
Internet Standards is available in Section 2 of RFC 7841. | ||||
This Internet-Draft will expire on July 27, 2022. | Information about the current status of this document, any errata, | |||
and how to provide feedback on it may be obtained at | ||||
https://www.rfc-editor.org/info/rfc9259. | ||||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Revised BSD License text as described in Section 4.e of the | |||
the Trust Legal Provisions and are provided without warranty as | Trust Legal Provisions and are provided without warranty as described | |||
described in the Simplified BSD License. | in the Revised BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction | |||
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements Language | |||
1.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 | 1.2. Abbreviations | |||
1.3. Terminology and Reference Topology . . . . . . . . . . . 4 | 1.3. Terminology and Reference Topology | |||
2. OAM Mechanisms . . . . . . . . . . . . . . . . . . . . . . . 5 | 2. OAM Mechanisms | |||
2.1. O-flag in Segment Routing Header . . . . . . . . . . . . 5 | 2.1. OAM Flag in the Segment Routing Header | |||
2.1.1. O-flag Processing . . . . . . . . . . . . . . . . . . 6 | 2.1.1. OAM Flag Processing | |||
2.2. OAM Operations . . . . . . . . . . . . . . . . . . . . . 8 | 2.2. OAM Operations | |||
3. Implementation Status . . . . . . . . . . . . . . . . . . . . 8 | 3. Security Considerations | |||
4. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | 4. Privacy Considerations | |||
5. Privacy Considerations . . . . . . . . . . . . . . . . . . . 9 | 5. IANA Considerations | |||
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 6. References | |||
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 6.1. Normative References | |||
7.1. Normative References . . . . . . . . . . . . . . . . . . 10 | 6.2. Informative References | |||
7.2. Informative References . . . . . . . . . . . . . . . . . 10 | Appendix A. Illustrations | |||
Appendix A. Illustrations . . . . . . . . . . . . . . . . . . . 12 | A.1. Ping in SRv6 Networks | |||
A.1. Ping in SRv6 Networks . . . . . . . . . . . . . . . . . . 12 | A.1.1. Pinging an IPv6 Address via a Segment List | |||
A.1.1. Pinging an IPv6 Address via a Segment-list . . . . . 13 | A.1.2. Pinging a SID | |||
A.1.2. Pinging a SID . . . . . . . . . . . . . . . . . . . . 14 | A.2. Traceroute | |||
A.2. Traceroute . . . . . . . . . . . . . . . . . . . . . . . 15 | A.2.1. Traceroute to an IPv6 Address via a Segment List | |||
A.2.1. Traceroute to an IPv6 Address via a Segment-list . . 15 | A.2.2. Traceroute to a SID | |||
A.2.2. Traceroute to a SID . . . . . . . . . . . . . . . . . 17 | A.3. Hybrid OAM Using the OAM Flag | |||
A.3. A Hybrid OAM Using O-flag . . . . . . . . . . . . . . . . 18 | A.4. Monitoring of SRv6 Paths | |||
A.4. Monitoring of SRv6 Paths . . . . . . . . . . . . . . . . 21 | Acknowledgements | |||
Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 22 | Contributors | |||
Appendix C. Contributors . . . . . . . . . . . . . . . . . . . . 22 | Authors' Addresses | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 | ||||
1. Introduction | 1. Introduction | |||
As Segment Routing with IPv6 data plane (SRv6) [RFC8402] simply adds | As Segment Routing with IPv6 data plane (SRv6) [RFC8402] simply adds | |||
a new type of Routing Extension Header, existing IPv6 OAM mechanisms | a new type of Routing Extension Header, existing IPv6 OAM mechanisms | |||
can be used in an SRv6 network. This document describes how the | can be used in an SRv6 network. This document describes how the | |||
existing IPv6 mechanisms for ping and traceroute can be used in an | existing IPv6 mechanisms for ping and traceroute can be used in an | |||
SRv6 network. This includes illustrations of pinging an SRv6 SID to | SRv6 network. This includes illustrations of pinging an SRv6 Segment | |||
verify that the SID is reachable and is locally programmed at the | Identifier (SID) to verify that the SID is reachable and is locally | |||
target node. This also includes illustrations for tracerouting to an | programmed at the target node. This also includes illustrations for | |||
SRv6 SID for hop-by-hop fault localization as well as path tracing to | tracerouting to an SRv6 SID for hop-by-hop fault localization as well | |||
a SID. | as path tracing to a SID. | |||
The document also introduces enhancements for the OAM mechanism for | This document also introduces enhancements for the OAM mechanism for | |||
SRv6 networks for performing controllable and predictable flow | SRv6 networks for performing controllable and predictable flow | |||
sampling from segment endpoints using, e.g., IP Flow Information | sampling from segment endpoints using, e.g., the IP Flow Information | |||
Export (IPFIX) protocol [RFC7011]. Specifically, the document | Export (IPFIX) protocol [RFC7011]. Specifically, the document | |||
specifies the O-flag in SRH as a marking-bit in the user packets to | specifies the OAM flag (O-flag) in the SRH as a marking bit in the | |||
trigger the telemetry data collection and export at the segment | user packets to trigger telemetry data collection and export at the | |||
endpoints. | segment endpoints. | |||
The document also outlines how the centralized OAM technique in | This document also outlines how the centralized OAM technique in | |||
[RFC8403] can be extended for SRv6 to perform a path continuity check | [RFC8403] can be extended for SRv6 to perform a path continuity check | |||
between any nodes within an SRv6 domain. Specifically, the document | between any nodes within an SRv6 domain. Specifically, the document | |||
illustrates how a centralized monitoring system can monitor arbitrary | illustrates how a centralized monitoring system can monitor arbitrary | |||
SRv6 paths by creating the loopback probes that originate and | SRv6 paths by creating loopback probes that originate and terminate | |||
terminate at the centralized monitoring system. | at the centralized monitoring system. | |||
1.1. Requirements Language | 1.1. Requirements Language | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in | |||
14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
1.2. Abbreviations | 1.2. Abbreviations | |||
The following abbreviations are used in this document: | The following abbreviations are used in this document: | |||
SID: Segment ID. | SID: Segment Identifier | |||
SL: Segments Left. | SL: Segments Left | |||
SR: Segment Routing. | SR: Segment Routing | |||
SRH: Segment Routing Header [RFC8754]. | SRH: Segment Routing Header [RFC8754] | |||
SRv6: Segment Routing with IPv6 Data plane. | SRv6: Segment Routing with IPv6 data plane | |||
PSP: Penultimate Segment Pop of the SRH [RFC8986]. | PSP: Penultimate Segment Pop [RFC8986] | |||
USP: Ultimate Segment Pop of the SRH [RFC8986]. | USP: Ultimate Segment Pop [RFC8986] | |||
ICMPv6: ICMPv6 Specification [RFC4443]. | ICMPv6: Internet Control Message Protocol for the Internet Protocol | |||
version 6 [RFC4443] | ||||
IS-IS: Intermediate System to Intermediate System | IS-IS: Intermediate System to Intermediate System | |||
OSPF: Open Shortest Path First protocol [RFC2328] | ||||
IGP: Interior Gateway Protocols (e.g., OSPF, IS-IS). | OSPF: Open Shortest Path First [RFC2328] | |||
BGP-LS: Border Gateway Protocol - Link State Extensions [RFC8571] | IGP: Interior Gateway Protocol (e.g., OSPF and IS-IS) | |||
BGP-LS: Border Gateway Protocol - Link State [RFC8571] | ||||
1.3. Terminology and Reference Topology | 1.3. Terminology and Reference Topology | |||
Throughout the document, the following terminology and simple | The terminology and simple topology in this section are used for | |||
topology is used for illustration. | illustration throughout the document. | |||
+--------------------------| N100 |---------------------------------+ | +--------------------------| N100 |---------------------------------+ | |||
| | | | | | |||
| ====== link1====== link3------ link5====== link9------ ====== | | | ====== link1====== link3------ link5====== link9------ ====== | | |||
||N1||------||N2||------| N3 |------||N4||------| N5 |---||N7|| | ||N1||------||N2||------| N3 |------||N4||------| N5 |---||N7|| | |||
|| ||------|| ||------| |------|| ||------| |---|| || | || ||------|| ||------| |------|| ||------| |---|| || | |||
====== link2====== link4------ link6======link10------ ====== | ====== link2====== link4------ link6======link10------ ====== | |||
| | | | | | | | | | |||
---+-- | ------ | --+--- | ---+-- | ------ | --+--- | |||
|CE 1| +-------| N6 |---------+ |CE 2| | |CE1 | +-------| N6 |---------+ |CE2 | | |||
------ link7 | | link8 ------ | ------ link7 | | link8 ------ | |||
------ | ------ | |||
Figure 1 Reference Topology | Figure 1: Reference Topology | |||
In the reference topology: | In the reference topology: | |||
Node j has a IPv6 loopback address 2001:db8:L:j::/128. | * Node j has an IPv6 loopback address 2001:db8:L:j::/128. | |||
Nodes N1, N2, N4 and N7 are SRv6-capable nodes. | * Nodes N1, N2, N4, and N7 are SRv6-capable nodes. | |||
Nodes N3, N5 and N6 are IPv6 nodes that are not SRv6-capable. | * Nodes N3, N5, and N6 are IPv6 nodes that are not SRv6-capable | |||
Such nodes are referred as non-SRv6 capable nodes. | nodes. Such nodes are referred to as "non-SRv6-capable nodes". | |||
CE1 and CE2 are Customer Edge devices of any data plane capability | * CE1 and CE2 are Customer Edge devices of any data plane capability | |||
(e.g., IPv4, IPv6, L2, etc.). | (e.g., IPv4, IPv6, and L2). | |||
A SID at node j with locator block 2001:db8:K::/48 and function U | * A SID at node j with locator block 2001:db8:K::/48 and function U | |||
is represented by 2001:db8:K:j:U::. | is represented by 2001:db8:K:j:U::. | |||
Node N100 is a controller. | * Node N100 is a controller. | |||
The IPv6 address of the nth Link between node i and j at the i | * The IPv6 address of the nth link between node i and j at the i | |||
side is represented as 2001:db8:i:j:in::, e.g., the IPv6 address | side is represented as 2001:db8:i:j:in::. For example, in | |||
of link6 (the 2nd link between N3 and N4) at N3 in Figure 1 is | Figure 1, the IPv6 address of link6 (the second link between N3 | |||
2001:db8:3:4:32::. Similarly, the IPv6 address of link5 (the 1st | and N4) at N3 is 2001:db8:3:4:32::. Similarly, the IPv6 address of | |||
link between N3 and N4) at node N3 is 2001:db8:3:4:31::. | link5 (the first link between N3 and N4) at node N3 is | |||
2001:db8:3:4:31::. | ||||
2001:db8:K:j:Xin:: is explicitly allocated as the End.X SID at | * 2001:db8:K:j:Xin:: is explicitly allocated as the End.X SID at | |||
node j towards neighbor node i via nth Link between node i and | node j towards neighbor node i via the nth link between node i and | |||
node j. e.g., 2001:db8:K:2:X31:: represents End.X at N2 towards | node j. For example, 2001:db8:K:2:X31:: represents End.X at N2 | |||
N3 via link3 (the 1st link between N2 and N3). Similarly, | towards N3 via link3 (the first link between N2 and N3). | |||
2001:db8:K:4:X52:: represents the End.X at N4 towards N5 via | Similarly, 2001:db8:K:4:X52:: represents the End.X at N4 towards | |||
link10 (the 2nd link between N4 and N5). Please refer to | N5 via link10 (the second link between N4 and N5). Please refer | |||
[RFC8986] for description of End.X SID. | to [RFC8986] for a description of End.X SID. | |||
A SID list is represented as <S1, S2, S3> where S1 is the first | * A SID list is represented as <S1, S2, S3>, where S1 is the first | |||
SID to visit, S2 is the second SID to visit and S3 is the last SID | SID to visit, S2 is the second SID to visit, and S3 is the last | |||
to visit along the SR path. | SID to visit along the SR path. | |||
(SA,DA) (S3, S2, S1; SL)(payload) represents an IPv6 packet with: | * (SA,DA) (S3, S2, S1; SL)(payload) represents an IPv6 packet with: | |||
* IPv6 header with source address SA, destination addresses DA | - IPv6 header with source address SA, destination addresses DA, | |||
and SRH as next-header | and SRH as the next header | |||
* SRH with SID list <S1, S2, S3> with SegmentsLeft = SL | - SRH with SID list <S1, S2, S3> with SegmentsLeft = SL | |||
* Note the difference between the < > and () symbols: <S1, S2, | Note the difference between the < > and () symbols: <S1, S2, | |||
S3> represents a SID list where S1 is the first SID and S3 is | S3> represents a SID list where S1 is the first SID and S3 is | |||
the last SID to traverse. (S3, S2, S1; SL) represents the same | the last SID to traverse. (S3, S2, S1; SL) represents the same | |||
SID list but encoded in the SRH format where the rightmost SID | SID list but encoded in the SRH format where the rightmost SID | |||
in the SRH is the first SID and the leftmost SID in the SRH is | in the SRH is the first SID and the leftmost SID in the SRH is | |||
the last SID. When referring to an SR policy in a high-level | the last SID. When referring to an SR policy in a high-level | |||
use-case, it is simpler to use the <S1, S2, S3> notation. When | use case, it is simpler to use the <S1, S2, S3> notation. When | |||
referring to an illustration of the detailed packet behavior, | referring to an illustration of the detailed packet behavior, | |||
the (S3, S2, S1; SL) notation is more convenient. | the (S3, S2, S1; SL) notation is more convenient. | |||
* (payload) represents the the payload of the packet. | - (payload) represents the payload of the packet. | |||
2. OAM Mechanisms | 2. OAM Mechanisms | |||
This section defines OAM enhancement for the SRv6 networks. | This section defines OAM enhancements for SRv6 networks. | |||
2.1. O-flag in Segment Routing Header | 2.1. OAM Flag in the Segment Routing Header | |||
[RFC8754] describes the Segment Routing Header (SRH) and how SR | [RFC8754] describes the Segment Routing Header (SRH) and how SR- | |||
capable nodes use it. The SRH contains an 8-bit "Flags" field. | capable nodes use it. The SRH contains an 8-bit Flags field. | |||
This document defines the following bit in the SRH Flags field to | This document defines the following bit in the SRH Flags field to | |||
carry the O-flag: | carry the O-flag: | |||
0 1 2 3 4 5 6 7 | 0 1 2 3 4 5 6 7 | |||
+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+ | |||
| |O| | | | |O| | | |||
+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+ | |||
Where: | Where: | |||
O-flag: OAM flag in the SRH Flags field defined in [RFC8754]. | O-flag: OAM flag in the SRH Flags field defined in [RFC8754]. | |||
2.1.1. O-flag Processing | 2.1.1. OAM Flag Processing | |||
The O-flag in SRH is used as a marking-bit in the user packets to | The O-flag in the SRH is used as a marking bit in user packets to | |||
trigger the telemetry data collection and export at the segment | trigger telemetry data collection and export at the segment | |||
endpoints. | endpoints. | |||
An SR domain ingress edge node encapsulates packets traversing the SR | An SR domain ingress edge node encapsulates packets traversing the SR | |||
domain as defined in [RFC8754]. The SR domain ingress edge node MAY | domain as defined in [RFC8754]. The SR domain ingress edge node MAY | |||
use the O-flag in SRH for marking the packet to trigger the telemetry | use the O-flag in the SRH for marking the packet to trigger the | |||
data collection and export at the segment endpoints. Based on a | telemetry data collection and export at the segment endpoints. Based | |||
local configuration, the SR domain ingress edge node may implement a | on local configuration, the SR domain ingress edge node may implement | |||
classification and sampling mechanism to mark a packet with the | a classification and sampling mechanism to mark a packet with the | |||
O-flag in SRH. Specification of the classification and sampling | O-flag in the SRH. Specification of the classification and sampling | |||
method is outside the scope of this document. | method is outside the scope of this document. | |||
This document does not specify the data elements that need to be | This document does not specify the data elements that need to be | |||
exported and the associated configurations. Similarly, this document | exported and the associated configurations. Similarly, this document | |||
does not define any formats for exporting the data elements. | does not define any formats for exporting the data elements. | |||
Nonetheless, without the loss of generality, this document assumes IP | Nonetheless, without the loss of generality, this document assumes | |||
Flow Information Export (IPFIX) protocol [RFC7011] is used for | that the IP Flow Information Export (IPFIX) protocol [RFC7011] is | |||
exporting the traffic flow information from the network devices to a | used for exporting the traffic flow information from the network | |||
controller for monitoring and analytics. Similarly, without the loss | devices to a controller for monitoring and analytics. Similarly, | |||
of generality, this document assumes requested information elements | without the loss of generality, this document assumes that requested | |||
are configured by the management plane through data set templates | information elements are configured by the management plane through | |||
(e.g., as in IPFIX [RFC7012]). | data set templates (e.g., as in IPFIX [RFC7012]). | |||
Implementation of the O-flag is OPTIONAL. If a node does not support | Implementation of the O-flag is OPTIONAL. If a node does not support | |||
the O-flag, then upon reception it simply ignores it. If a node | the O-flag, then it simply ignores it upon reception. If a node | |||
supports the O-flag, it can optionally advertise its potential via | supports the O-flag, it can optionally advertise its potential via | |||
control plane protocol(s). | control plane protocol(s). | |||
When N receives a packet destined to S and S is a local SID, the line | When N receives a packet destined to S and S is a local SID, line S01 | |||
S01 of the pseudo-code associated with the SID S, as defined in | of the pseudocode associated with the SID S (as defined in | |||
section 4.3.1.1 of [RFC8754], is appended to as follows for the | Section 4.3.1.1 of [RFC8754]) is appended to as follows for O-flag | |||
O-flag processing. | processing. | |||
S01.1. IF O-flag is set and local configuration permits | S01.1. IF the O-flag is set and local configuration permits | |||
O-flag processing { | O-flag processing { | |||
a. Make a copy of the packet. | a. Make a copy of the packet. | |||
b. Send the copied packet, along with a timestamp | b. Send the copied packet, along with a timestamp, | |||
to the OAM process for telemetry data collection | to the OAM process for telemetry data collection | |||
and export. ;; Ref1 | and export. ;; Ref1 | |||
} | } | |||
Ref1: To provide an accurate timestamp, an implementation should copy | Ref1: To provide an accurate timestamp, an implementation should | |||
and record the timestamp as soon as possible during packet processing. | copy and record the timestamp as soon as possible during packet | |||
Timestamp and any other metadata is not carried in the packet forwarded to the next hop. | processing. Timestamp and any other metadata are not carried in | |||
the packet forwarded to the next hop. | ||||
Please note that the O-flag processing happens before execution of | Please note that the O-flag processing happens before execution of | |||
regular processing of the local SID S. Specifically, the line S01.1 | regular processing of the local SID S. Specifically, line S01.1 of | |||
of the pseudo-code specified in this document is inserted between | the pseudocode specified in this document is inserted between lines | |||
line S01 and S02 of the pseudo-code defined in section 4.3.1.1 of | S01 and S02 of the pseudocode defined in Section 4.3.1.1 of | |||
[RFC8754]. | [RFC8754]. | |||
Based on the requested information elements configured by the | Based on the requested information elements configured by the | |||
management plane through data set templates [RFC7012], the OAM | management plane through data set templates [RFC7012], the OAM | |||
process exports the requested information elements. The information | process exports the requested information elements. The information | |||
elements include parts of the packet header and/or parts of the | elements include parts of the packet header and/or parts of the | |||
packet payload for flow identification. The OAM process uses | packet payload for flow identification. The OAM process uses | |||
information elements defined in IPFIX [RFC7011] and PSAMP [RFC5476] | information elements defined in IPFIX [RFC7011] and Packet Sampling | |||
for exporting the requested sections of the mirrored packets. | (PSAMP) [RFC5476] for exporting the requested sections of the | |||
mirrored packets. | ||||
If the penultimate segment of a segment-list is a Penultimate Segment | If the penultimate segment of a segment list is a PSP SID, telemetry | |||
Pop (PSP) SID, telemetry data from the ultimate segment cannot be | data from the ultimate segment cannot be requested. This is because, | |||
requested. This is because, when the penultimate segment is a PSP | when the penultimate segment is a PSP SID, the SRH is removed at the | |||
SID, the SRH is removed at the penultimate segment and the O-flag is | penultimate segment, and the O-flag is not processed at the ultimate | |||
not processed at the ultimate segment. | segment. | |||
The processing node MUST rate-limit the number of packets punted to | The processing node MUST rate-limit the number of packets punted to | |||
the OAM process to a configurable rate. This is to avoid hitting any | the OAM process to a configurable rate. This is to avoid hitting any | |||
performance impact on the OAM and the telemetry collection processes. | performance impact on the OAM and telemetry collection processes. | |||
Failure in implementing the rate limit can lead to a denial-of- | Failure to implement the rate limit can lead to a denial-of-service | |||
service attack, as detailed in section 4. | attack, as detailed in Section 3. | |||
The OAM process MUST NOT process the copy of the packet or respond to | The OAM process MUST NOT process the copy of the packet or respond to | |||
any upper-layer header (like ICMP, UDP, etc.) payload to prevent | any upper-layer header (like ICMP, UDP, etc.) payload to prevent | |||
multiple evaluations of the datagram. | multiple evaluations of the datagram. | |||
The OAM process is expected to be located on the routing node | The OAM process is expected to be located on the routing node | |||
processing the packet. Although the specification of the OAM process | processing the packet. Although the specification of the OAM process | |||
or the external controller operations are beyond the scope of this | or the external controller operations are beyond the scope of this | |||
document, the OAM process SHOULD NOT be topologically distant from | document, the OAM process SHOULD NOT be topologically distant from | |||
the routing node, as this is likely to create significant security | the routing node, as this is likely to create significant security | |||
and congestion issues. How to correlate the data collected from | and congestion issues. How to correlate the data collected from | |||
different nodes at an external controller is also outside the scope | different nodes at an external controller is also outside the scope | |||
of the document. Appendix A illustrates use of the O-flag for | of this document. Appendix A illustrates use of the O-flag for | |||
implementing a hybrid OAM mechanism, where the "hybrid" | implementing a hybrid OAM mechanism, where the "hybrid" | |||
classification is based on RFC7799 [RFC7799]. | classification is based on [RFC7799]. | |||
2.2. OAM Operations | 2.2. OAM Operations | |||
IPv6 OAM operations can be performed for any SRv6 SID whose behavior | IPv6 OAM operations can be performed for any SRv6 SID whose behavior | |||
allows Upper Layer Header processing for an applicable OAM payload | allows Upper-Layer Header processing for an applicable OAM payload | |||
(e.g., ICMP, UDP). | (e.g., ICMP, UDP). | |||
Ping to an SRv6 SID is used to verify that the SID is reachable and | Ping to an SRv6 SID is used to verify that the SID is reachable and | |||
is locally programmed at the target node. Traceroute to a SID is | is locally programmed at the target node. Traceroute to a SID is | |||
used for hop-by-hop fault localization as well as path tracing to a | used for hop-by-hop fault localization as well as path tracing to a | |||
SID. Appendix A illustrates the ICMPv6 based ping and the UDP based | SID. Appendix A illustrates the ICMPv6-based ping and UDP-based | |||
traceroute mechanisms for ping and traceroute to an SRv6 SID. | traceroute mechanisms for ping and traceroute to an SRv6 SID. | |||
Although this document only illustrates ICMPv6 ping and UDP based | Although this document only illustrates ICMPv6-based ping and UDP- | |||
traceroute to an SRv6 SID, the procedures are equally applicable to | based traceroute to an SRv6 SID, the procedures are equally | |||
other IPv6 OAM probing to an SRv6 SID (e.g., Bidirectional Forwarding | applicable to other IPv6 OAM probing to an SRv6 SID (e.g., | |||
Detection (BFD) [RFC5880], Seamless BFD (SBFD) [RFC7880], STAMP probe | Bidirectional Forwarding Detection (BFD) [RFC5880], Seamless BFD | |||
message processing [I-D.gandhi-spring-stamp-srpm], etc.). | (S-BFD) [RFC7880], and Simple Two-way Active Measurement Protocol | |||
Specifically, as long as local configuration allows the Upper-layer | (STAMP) probe message processing [STAMP-SR]). Specifically, as long | |||
Header processing of the applicable OAM payload for SRv6 SIDs, the | as local configuration allows the Upper-layer Header processing of | |||
existing IPv6 OAM techniques can be used to target a probe to a | the applicable OAM payload for SRv6 SIDs, the existing IPv6 OAM | |||
(remote) SID. | techniques can be used to target a probe to a (remote) SID. | |||
IPv6 OAM operations can be performed with the target SID in the IPv6 | IPv6 OAM operations can be performed with the target SID in the IPv6 | |||
destination address without SRH or with SRH where the target SID is | destination address without an SRH or with an SRH where the target | |||
the last segment. In general, OAM operations to a target SID may not | SID is the last segment. In general, OAM operations to a target SID | |||
exercise all of its processing depending on its behavior definition. | may not exercise all of its processing depending on its behavior | |||
For example, ping to an End.X SID [RFC8986] only validates the SID is | definition. For example, ping to an End.X SID [RFC8986] only | |||
locally programmed at the target node and does not validate switching | validates the SID is locally programmed at the target node and does | |||
to the correct outgoing interface. To exercise the behavior of a | not validate switching to the correct outgoing interface. To | |||
target SID, the OAM operation should construct the probe in a manner | exercise the behavior of a target SID, the OAM operation should | |||
similar to a data packet that exercises the SID behavior, i.e. to | construct the probe in a manner similar to a data packet that | |||
include that SID as a transit SID in either an SRH or IPv6 DA of an | exercises the SID behavior, i.e. to include that SID as a transit SID | |||
outer IPv6 header or as appropriate based on the definition of the | in either an SRH or IPv6 DA of an outer IPv6 header or as appropriate | |||
SID behavior. | based on the definition of the SID behavior. | |||
3. Implementation Status | ||||
This section is to be removed prior to publishing as an RFC. | ||||
See [I-D.matsushima-spring-srv6-deployment-status] for updated | ||||
deployment and interoperability reports. | ||||
4. Security Considerations | 3. Security Considerations | |||
[RFC8754] defines the notion of an SR domain and use of SRH within | [RFC8754] defines the notion of an SR domain and use of the SRH | |||
the SR domain. The use of OAM procedures described in this document | within the SR domain. The use of OAM procedures described in this | |||
is restricted to an SR domain. For example, similar to the SID | document is restricted to an SR domain. For example, similar to SID | |||
manipulation, O-flag manipulation is not considered as a threat | manipulation, O-flag manipulation is not considered a threat within | |||
within the SR domain. Procedures for securing an SR domain are | the SR domain. Procedures for securing an SR domain are defined in | |||
defined the section 5.1 and section 7 of [RFC8754]. | Sections 5.1 and 7 of [RFC8754]. | |||
As noted in section 7.1 of [RFC8754], compromised nodes within the SR | As noted in Section 7.1 of [RFC8754], compromised nodes within the SR | |||
domain may mount attacks. The O-flag may be set by an attacking node | domain may mount attacks. The O-flag may be set by an attacking node | |||
attempting a denial-of-service attack on the OAM process at the | attempting a denial-of-service attack on the OAM process at the | |||
segment endpoint node. An implementation correctly implementing the | segment endpoint node. An implementation correctly implementing the | |||
rate limiting in section 2.1.1 is not susceptible to that denial-of- | rate limiting described in Section 2.1.1 is not susceptible to that | |||
service attack. Additionally, SRH Flags are protected by the HMAC | denial-of-service attack. Additionally, SRH flags are protected by | |||
TLV, as described in section 2.1.2.1 of [RFC8754]. Once an HMAC is | the Hashed Message Authentication Code (HMAC) TLV, as described in | |||
generated for a segment list with the O-flag set, it can be used for | Section 2.1.2.1 of [RFC8754]. Once an HMAC is generated for a | |||
an arbitrary amount of traffic using that segment list with O-flag | segment list with the O-flag set, it can be used for an arbitrary | |||
set. | amount of traffic using that segment list with the O-flag set. | |||
The security properties of the channel used to send exported packets | The security properties of the channel used to send exported packets | |||
marked by the O-flag will depend on the specific OAM processes used. | marked by the O-flag will depend on the specific OAM processes used. | |||
An on-path attacker able to observe this OAM channel could conduct | An on-path attacker able to observe this OAM channel could conduct | |||
traffic analysis, or potentially eavesdropping (depending on the OAM | traffic analysis, or potentially eavesdropping (depending on the OAM | |||
configuration), of this telemetry for the entire SR domain from such | configuration), of this telemetry for the entire SR domain from such | |||
a vantage point. | a vantage point. | |||
This document does not impose any additional security challenges to | This document does not impose any additional security challenges to | |||
be considered beyond security threats described in [RFC4884], | be considered beyond the security threats described in [RFC4884], | |||
[RFC4443], [RFC0792], [RFC8754] and [RFC8986]. | [RFC4443], [RFC0792], [RFC8754], and [RFC8986]. | |||
5. Privacy Considerations | 4. Privacy Considerations | |||
The per-packet marking capabilities of the O-flag provides a granular | The per-packet marking capabilities of the O-flag provide a granular | |||
mechanism to collect telemetry. When this collection is deployed by | mechanism to collect telemetry. When this collection is deployed by | |||
an operator with knowledge and consent of the users, it will enable a | an operator with the knowledge and consent of the users, it will | |||
variety of diagnostics and monitoring to support the OAM and security | enable a variety of diagnostics and monitoring to support the OAM and | |||
operations use cases needed for resilient network operations. | security operations use cases needed for resilient network | |||
However, this collection mechanism will also provide an explicit | operations. However, this collection mechanism will also provide an | |||
protocol mechanism to operators for surveillance and pervasive | explicit protocol mechanism to operators for surveillance and | |||
monitoring use cases done contrary to the user's consent. | pervasive monitoring use cases done contrary to the user's consent. | |||
6. IANA Considerations | 5. IANA Considerations | |||
This document requests that IANA allocate the following registration | IANA has registered the following in the "Segment Routing Header | |||
in the "Segment Routing Header Flags" sub-registry for the "Internet | Flags" subregistry in the "Internet Protocol Version 6 (IPv6) | |||
Protocol Version 6 (IPv6) Parameters" registry maintained by IANA: | Parameters" registry: | |||
+-------+------------------------------+---------------+ | +=====+=============+===========+ | |||
| Bit | Description | Reference | | | Bit | Description | Reference | | |||
+=======+==============================+===============+ | +=====+=============+===========+ | |||
| 2 | O-flag | This document | | | 2 | O-flag | RFC 9259 | | |||
+-------+------------------------------+---------------+ | +-----+-------------+-----------+ | |||
7. References | Table 1 | |||
7.1. Normative References | 6. References | |||
6.1. Normative References | ||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
skipping to change at page 10, line 35 ¶ | skipping to change at line 447 ¶ | |||
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header | Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header | |||
(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020, | (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020, | |||
<https://www.rfc-editor.org/info/rfc8754>. | <https://www.rfc-editor.org/info/rfc8754>. | |||
[RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer, | [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer, | |||
D., Matsushima, S., and Z. Li, "Segment Routing over IPv6 | D., Matsushima, S., and Z. Li, "Segment Routing over IPv6 | |||
(SRv6) Network Programming", RFC 8986, | (SRv6) Network Programming", RFC 8986, | |||
DOI 10.17487/RFC8986, February 2021, | DOI 10.17487/RFC8986, February 2021, | |||
<https://www.rfc-editor.org/info/rfc8986>. | <https://www.rfc-editor.org/info/rfc8986>. | |||
7.2. Informative References | 6.2. Informative References | |||
[I-D.gandhi-spring-stamp-srpm] | ||||
Gandhi, R., Filsfils, C., Voyer, D., Chen, M., Janssens, | ||||
B., and R. Foote, "Performance Measurement Using Simple | ||||
TWAMP (STAMP) for Segment Routing Networks", draft-gandhi- | ||||
spring-stamp-srpm-07 (work in progress), July 2021. | ||||
[I-D.ietf-ippm-ioam-data] | ||||
Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields | ||||
for In-situ OAM", draft-ietf-ippm-ioam-data-11 (work in | ||||
progress), November 2020. | ||||
[I-D.matsushima-spring-srv6-deployment-status] | ||||
Matsushima, S., Filsfils, C., Ali, Z., Li, Z., and K. | ||||
Rajaraman, "SRv6 Implementation and Deployment Status", | ||||
draft-matsushima-spring-srv6-deployment-status-11 (work in | ||||
progress), February 2021. | ||||
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, | [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, | |||
RFC 792, DOI 10.17487/RFC0792, September 1981, | RFC 792, DOI 10.17487/RFC0792, September 1981, | |||
<https://www.rfc-editor.org/info/rfc792>. | <https://www.rfc-editor.org/info/rfc792>. | |||
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, | [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, | |||
DOI 10.17487/RFC2328, April 1998, | DOI 10.17487/RFC2328, April 1998, | |||
<https://www.rfc-editor.org/info/rfc2328>. | <https://www.rfc-editor.org/info/rfc2328>. | |||
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet | [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet | |||
skipping to change at page 12, line 35 ¶ | skipping to change at line 518 ¶ | |||
Kumar, "A Scalable and Topology-Aware MPLS Data-Plane | Kumar, "A Scalable and Topology-Aware MPLS Data-Plane | |||
Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July | Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July | |||
2018, <https://www.rfc-editor.org/info/rfc8403>. | 2018, <https://www.rfc-editor.org/info/rfc8403>. | |||
[RFC8571] Ginsberg, L., Ed., Previdi, S., Wu, Q., Tantsura, J., and | [RFC8571] Ginsberg, L., Ed., Previdi, S., Wu, Q., Tantsura, J., and | |||
C. Filsfils, "BGP - Link State (BGP-LS) Advertisement of | C. Filsfils, "BGP - Link State (BGP-LS) Advertisement of | |||
IGP Traffic Engineering Performance Metric Extensions", | IGP Traffic Engineering Performance Metric Extensions", | |||
RFC 8571, DOI 10.17487/RFC8571, March 2019, | RFC 8571, DOI 10.17487/RFC8571, March 2019, | |||
<https://www.rfc-editor.org/info/rfc8571>. | <https://www.rfc-editor.org/info/rfc8571>. | |||
[RFC9197] Brockners, F., Ed., Bhandari, S., Ed., and T. Mizrahi, | ||||
Ed., "Data Fields for In Situ Operations, Administration, | ||||
and Maintenance (IOAM)", RFC 9197, DOI 10.17487/RFC9197, | ||||
May 2022, <https://www.rfc-editor.org/info/rfc9197>. | ||||
[STAMP-SR] Gandhi, R., Ed., Filsfils, C., Voyer, D., Chen, M., | ||||
Janssens, B., and R. Foote, "Performance Measurement Using | ||||
Simple TWAMP (STAMP) for Segment Routing Networks", Work | ||||
in Progress, Internet-Draft, draft-ietf-spring-stamp-srpm- | ||||
03, 1 February 2022, | ||||
<https://datatracker.ietf.org/doc/html/draft-ietf-spring- | ||||
stamp-srpm-03>. | ||||
Appendix A. Illustrations | Appendix A. Illustrations | |||
This appendix shows how some of the existing IPv6 OAM mechanisms can | This appendix shows how some of the existing IPv6 OAM mechanisms can | |||
be used in an SRv6 network. It also illustrates an OAM mechanism for | be used in an SRv6 network. It also illustrates an OAM mechanism for | |||
performing controllable and predictable flow sampling from segment | performing controllable and predictable flow sampling from segment | |||
endpoints. How centralized OAM technique in [RFC8403] can be | endpoints. How the centralized OAM technique in [RFC8403] can be | |||
extended for SRv6 is also described in this appendix. | extended for SRv6 is also described in this appendix. | |||
A.1. Ping in SRv6 Networks | A.1. Ping in SRv6 Networks | |||
The existing mechanism to perform the reachability checks, along the | The existing mechanism to perform the reachability checks, along the | |||
shortest path, continues to work without any modification. Any IPv6 | shortest path, continues to work without any modification. Any IPv6 | |||
node (SRv6 capable or a non-SRv6 capable) can initiate, transit, and | node (SRv6-capable or non-SRv6-capable) can initiate, transit, and | |||
egress a ping packet. | egress a ping packet. | |||
The following subsections outline some additional use cases of the | The following subsections outline some additional use cases of ICMPv6 | |||
ICMPv6 ping in the SRv6 networks. | ping in SRv6 networks. | |||
A.1.1. Pinging an IPv6 Address via a Segment-list | A.1.1. Pinging an IPv6 Address via a Segment List | |||
If an SRv6-capable ingress node wants to ping an IPv6 address via an | If an SRv6-capable ingress node wants to ping an IPv6 address via an | |||
arbitrary segment list <S1, S2, S3>, it needs to initiate an ICMPv6 | arbitrary segment list <S1, S2, S3>, it needs to initiate an ICMPv6 | |||
ping with an SR header containing the SID list <S1, S2, S3>. This is | ping with an SR header containing the SID list <S1, S2, S3>. This is | |||
illustrated using the topology in Figure 1. User issues a ping from | illustrated using the topology in Figure 1. The user issues a ping | |||
node N1 to a loopback of node N5, via segment list | from node N1 to a loopback of node N5 via segment list | |||
<2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID behavior used in | <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID behavior used in | |||
the example is End.X SID, as described in [RFC8986], but the | the example is End.X, as described in [RFC8986], but the procedure is | |||
procedure is equally applicable to any other (transit) SID type. | equally applicable to any other (transit) SID type. | |||
Figure 2 contains sample output for a ping request initiated at node | Figure 2 contains sample output for a ping request initiated at node | |||
N1 to a loopback address of node N5 via a segment list | N1 to a loopback address of node N5 via segment list | |||
<2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. | <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. | |||
> ping 2001:db8:L:5:: via segment-list 2001:db8:K:2:X31::, | > ping 2001:db8:L:5:: via segment list 2001:db8:K:2:X31::, | |||
2001:db8:K:4:X52:: | 2001:db8:K:4:X52:: | |||
Sending 5, 100-byte ICMPv6 Echos to B5::, timeout is 2 seconds: | Sending 5, 100-byte ICMPv6 Echos to B5::, timeout is 2 seconds: | |||
!!!!! | !!!!! | |||
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.625 | Success rate is 100 percent (5/5), round-trip min/avg/max = 0.625 | |||
/0.749/0.931 ms | /0.749/0.931 ms | |||
Figure 2 A sample ping output at an SRv6-capable node | Figure 2: Sample Ping Output at an SRv6-Capable Node | |||
All transit nodes process the echo request message like any other | All transit nodes process the echo request message like any other | |||
data packet carrying SR header and hence do not require any change. | data packet carrying an SR header and hence do not require any | |||
Similarly, the egress node does not require any change to process the | change. Similarly, the egress node does not require any change to | |||
ICMPv6 echo request. For example, in the ping example of Figure 2: | process the ICMPv6 echo request. For example, in the example in | |||
Figure 2: | ||||
o Node N1 initiates an ICMPv6 ping packet with SRH as follows | * Node N1 initiates an ICMPv6 ping packet with the SRH as follows: | |||
(2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:L:5::, | (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:L:5::, | |||
2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2, NH = ICMPv6)(ICMPv6 | 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2, NH = ICMPv6)(ICMPv6 | |||
Echo Request). | Echo Request). | |||
o Node N2, which is an SRv6-capable node, performs the standard SRH | * Node N2, which is an SRv6-capable node, performs the standard SRH | |||
processing. Specifically, it executes the End.X behavior | processing. Specifically, it executes the End.X behavior | |||
indicated by the 2001:db8:K:2:X31:: SID and forwards the packet on | indicated by the 2001:db8:K:2:X31:: SID and forwards the packet on | |||
link3 to N3. | link3 to N3. | |||
o Node N3, which is a non-SRv6 capable node, performs the standard | * Node N3, which is a non-SRv6-capable node, performs the standard | |||
IPv6 processing. Specifically, it forwards the echo request based | IPv6 processing. Specifically, it forwards the echo request based | |||
on the DA 2001:db8:K:4:X52:: in the IPv6 header. | on DA 2001:db8:K:4:X52:: in the IPv6 header. | |||
o Node N4, which is an SRv6-capable node, performs the standard SRH | * Node N4, which is an SRv6-capable node, performs the standard SRH | |||
processing. Specifically, it observes the End.X behavior | processing. Specifically, it observes the End.X behavior | |||
(2001:db8:K:4:X52::) and forwards the packet on link10 towards N5. | (2001:db8:K:4:X52::) and forwards the packet on link10 towards N5. | |||
If 2001:db8:K:4:X52:: is a PSP SID, the penultimate node (Node N4) | If 2001:db8:K:4:X52:: is a PSP SID, the penultimate node (node N4) | |||
does not, should not and cannot differentiate between the data | does not, should not, and cannot differentiate between the data | |||
packets and OAM probes. Specifically, if 2001:db8:K:4:X52:: is a | packets and OAM probes. Specifically, if 2001:db8:K:4:X52:: is a | |||
PSP SID, node N4 executes the SID like any other data packet with | PSP SID, node N4 executes the SID like any other data packet with | |||
DA = 2001:db8:K:4:X52:: and removes the SRH. | DA = 2001:db8:K:4:X52:: and removes the SRH. | |||
o The echo request packet at N5 arrives as an IPv6 packet with or | * The echo request packet at N5 arrives as an IPv6 packet with or | |||
without an SRH. If N5 receives the packet with SRH, it skips SRH | without an SRH. If N5 receives the packet with an SRH, it skips | |||
processing (SL=0). In either case, Node N5 performs the standard | SRH processing (SL=0). In either case, node N5 performs the | |||
ICMPv6 processing on the echo request and responds with the echo | standard ICMPv6 processing on the echo request and responds with | |||
reply message to N1. The echo reply message is IP routed. | the echo reply message to N1. The echo reply message is IP | |||
routed. | ||||
A.1.2. Pinging a SID | A.1.2. Pinging a SID | |||
The ping mechanism described above applies equally to perform SID | The ping mechanism described above applies equally to perform SID | |||
reachability check and to validate the SID is locally programmed at | reachability check and to validate the SID is locally programmed at | |||
the target node. This is explained using an example in the | the target node. This is explained in the following example. The | |||
following. The example uses ping to an END SID, as described in | example uses ping to an End SID, as described in [RFC8986], but the | |||
[RFC8986], but the procedure is equally applicable to ping any other | procedure is equally applicable to ping any other SID behaviors. | |||
SID behaviors. | ||||
Consider the example where the user wants to ping a remote SID | Consider the example where the user wants to ping a remote SID | |||
2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The ICMPv6 | 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The ICMPv6 | |||
echo request is processed at the individual nodes along the path as | echo request is processed at the individual nodes along the path as | |||
follows: | follows: | |||
o Node N1 initiates an ICMPv6 ping packet with SRH as follows | * Node N1 initiates an ICMPv6 ping packet with the SRH as follows: | |||
(2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::, | (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::, | |||
2001:db8:K:2:X31::; SL=1; NH=ICMPv6)(ICMPv6 Echo Request). | 2001:db8:K:2:X31::; SL=1; NH=ICMPv6)(ICMPv6 Echo Request). | |||
o Node N2, which is an SRv6-capable node, performs the standard SRH | * Node N2, which is an SRv6-capable node, performs the standard SRH | |||
processing. Specifically, it executes the End.X behavior | processing. Specifically, it executes the End.X behavior | |||
indicated by the 2001:db8:K:2:X31:: SID on the echo request | indicated by the 2001:db8:K:2:X31:: SID on the echo request | |||
packet. If 2001:db8:K:2:X31:: is a PSP SID, node N4 executes the | packet. If 2001:db8:K:2:X31:: is a PSP SID, node N4 executes the | |||
SID like any other data packet with DA = 2001:db8:K:2:X31:: and | SID like any other data packet with DA = 2001:db8:K:2:X31:: and | |||
removes the SRH. | removes the SRH. | |||
o Node N3, which is a non-SRv6 capable node, performs the standard | * Node N3, which is a non-SRv6-capable node, performs the standard | |||
IPv6 processing. Specifically, it forwards the echo request based | IPv6 processing. Specifically, it forwards the echo request based | |||
on DA = 2001:db8:K:4:: in the IPv6 header. | on DA = 2001:db8:K:4:: in the IPv6 header. | |||
o When node N4 receives the packet, it processes the target SID | * When node N4 receives the packet, it processes the target SID | |||
(2001:db8:K:4::). | (2001:db8:K:4::). | |||
o If the target SID (2001:db8:K:4::) is not locally instantiated and | * If the target SID (2001:db8:K:4::) is not locally instantiated and | |||
does not represent a local interface, the packet is discarded | does not represent a local interface, the packet is discarded | |||
o If the target SID (2001:db8:K:4::) is locally instantiated or | * If the target SID (2001:db8:K:4::) is locally instantiated or | |||
represents a local interface, the node processes the upper layer | represents a local interface, the node processes the upper-layer | |||
header. As part of the upper layer header processing node N4 | header. As part of the upper-layer header processing, node N4 | |||
respond to the ICMPv6 echo request message and responds with the | responds to the ICMPv6 echo request message with an echo reply | |||
echo reply message. The echo reply message is IP routed. | message. The echo reply message is IP routed. | |||
A.2. Traceroute | A.2. Traceroute | |||
The existing traceroute mechanisms, along the shortest path, | The existing traceroute mechanisms, along the shortest path, continue | |||
continues to work without any modification. Any IPv6 node (SRv6 | to work without any modification. Any IPv6 node (SRv6-capable or a | |||
capable or a non-SRv6 capable) can initiate, transit, and egress a | non-SRv6-capable) can initiate, transit, and egress a traceroute | |||
traceroute probe. | probe. | |||
The following subsections outline some additional use cases of the | The following subsections outline some additional use cases of | |||
traceroute in the SRv6 networks. | traceroute in SRv6 networks. | |||
A.2.1. Traceroute to an IPv6 Address via a Segment-list | A.2.1. Traceroute to an IPv6 Address via a Segment List | |||
If an SRv6-capable ingress node wants to traceroute to IPv6 address | If an SRv6-capable ingress node wants to traceroute to an IPv6 | |||
via an arbitrary segment list <S1, S2, S3>, it needs to initiate a | address via an arbitrary segment list <S1, S2, S3>, it needs to | |||
traceroute probe with an SR header containing the SID list <S1, S2, | initiate a traceroute probe with an SR header containing the SID list | |||
S3>. User issues a traceroute from node N1 to a loopback of node N5, | <S1, S2, S3>. The user issues a traceroute from node N1 to a | |||
via segment list <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID | loopback of node N5 via segment list <2001:db8:K:2:X31::, | |||
behavior used in the example is End.X SID, as described in [RFC8986], | 2001:db8:K:4:X52::>. The SID behavior used in the example is End.X, | |||
but the procedure is equally applicable to any other (transit) SID | as described in [RFC8986], but the procedure is equally applicable to | |||
type. Figure 3 contains sample output for the traceroute request. | any other (transit) SID type. Figure 3 contains sample output for | |||
the traceroute request. | ||||
> traceroute 2001:db8:L:5:: via segment-list 2001:db8:K:2:X31::, | > traceroute 2001:db8:L:5:: via segment list 2001:db8:K:2:X31::, | |||
2001:db8:K:4:X52:: | 2001:db8:K:4:X52:: | |||
Tracing the route to 2001:db8:L:5:: | Tracing the route to 2001:db8:L:5:: | |||
1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec | 1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec | |||
DA: 2001:db8:K:2:X31::, | DA: 2001:db8:K:2:X31::, | |||
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2) | SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2) | |||
2 2001:db8:3:2:31:: 0.721 msec 0.810 msec 0.795 msec | 2 2001:db8:3:2:31:: 0.721 msec 0.810 msec 0.795 msec | |||
DA: 2001:db8:K:4:X52::, | DA: 2001:db8:K:4:X52::, | |||
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1) | SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1) | |||
3 2001:db8:4:3::41:: 0.921 msec 0.816 msec 0.759 msec | 3 2001:db8:4:3::41:: 0.921 msec 0.816 msec 0.759 msec | |||
DA: 2001:db8:K:4:X52::, | DA: 2001:db8:K:4:X52::, | |||
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1) | SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1) | |||
4 2001:db8:5:4::52:: 0.879 msec 0.916 msec 1.024 msec | 4 2001:db8:5:4::52:: 0.879 msec 0.916 msec 1.024 msec | |||
DA: 2001:db8:L:5:: | DA: 2001:db8:L:5:: | |||
Figure 3 A sample traceroute output at an SRv6-capable node | Figure 3: Sample Traceroute Output at an SRv6-Capable Node | |||
In the sample traceroute output, the information displayed at each | In the sample traceroute output, the information displayed at each | |||
hop is obtained using the contents of the "Time Exceeded" or | hop is obtained using the contents of the "Time Exceeded" or | |||
"Destination Unreachable" ICMPv6 responses. These ICMPv6 responses | "Destination Unreachable" ICMPv6 responses. These ICMPv6 responses | |||
are IP routed. | are IP routed. | |||
In the sample traceroute output, the information for link3 is | In the sample traceroute output, the information for link3 is | |||
returned by N3, which is a non-SRv6 capable node. Nonetheless, the | returned by N3, which is a non-SRv6-capable node. Nonetheless, the | |||
ingress node is able to display SR header contents as the packet | ingress node is able to display SR header contents as the packet | |||
travels through the non-SRv6 capable node. This is because the "Time | travels through the non-SRv6-capable node. This is because the "Time | |||
Exceeded Message" ICMPv6 message can contain as much of the invoking | Exceeded" ICMPv6 message can contain as much of the invoking packet | |||
packet as possible without the ICMPv6 packet exceeding the minimum | as possible without the ICMPv6 packet exceeding the minimum IPv6 MTU | |||
IPv6 MTU [RFC4443]. The SR header is included in these ICMPv6 | [RFC4443]. The SR header is included in these ICMPv6 messages | |||
messages initiated by the non-SRv6 capable transit nodes that are not | initiated by the non-SRv6-capable transit nodes that are not running | |||
running SRv6 software. Specifically, a node generating ICMPv6 | SRv6 software. Specifically, a node generating an ICMPv6 message | |||
message containing a copy of the invoking packet does not need to | containing a copy of the invoking packet does not need to understand | |||
understand the extension header(s) in the invoking packet. | the extension header(s) in the invoking packet. | |||
The segment list information returned for the first hop is returned | The segment list information returned for the first hop is returned | |||
by N2, which is an SRv6-capable node. Just like for the second hop, | by N2, which is an SRv6-capable node. Just like for the second hop, | |||
the ingress node is able to display SR header contents for the first | the ingress node is able to display SR header contents for the first | |||
hop. | hop. | |||
There is no difference in processing of the traceroute probe at an | There is no difference in processing of the traceroute probe at an | |||
SRv6-capable and a non-SRv6 capable node. Similarly, both | SRv6-capable and a non-SRv6-capable node. Similarly, both | |||
SRv6-capable and non-SRv6 capable nodes may use the address of the | SRv6-capable and non-SRv6-capable nodes may use the address of the | |||
interface on which probe was received as the source address in the | interface on which probe was received as the source address in the | |||
ICMPv6 response. ICMPv6 extensions defined in [RFC5837] can be used | ICMPv6 response. ICMPv6 extensions defined in [RFC5837] can be used | |||
to display information about the IP interface through which the | to display information about the IP interface through which the | |||
datagram would have been forwarded had it been forwardable, and the | datagram would have been forwarded had it been forwardable, the IP | |||
IP next hop to which the datagram would have been forwarded, the IP | next hop to which the datagram would have been forwarded, the IP | |||
interface upon which a datagram arrived, the sub-IP component of an | interface upon which the datagram arrived, and the sub-IP component | |||
IP interface upon which a datagram arrived. | of an IP interface upon which the datagram arrived. | |||
The IP address of the interface on which the traceroute probe was | The IP address of the interface on which the traceroute probe was | |||
received is useful. This information can also be used to verify if | received is useful. This information can also be used to verify if | |||
SIDs 2001:db8:K:2:X31:: and 2001:db8:K:4:X52:: are executed correctly | SIDs 2001:db8:K:2:X31:: and 2001:db8:K:4:X52:: are executed correctly | |||
by N2 and N4, respectively. Specifically, the information displayed | by N2 and N4, respectively. Specifically, the information displayed | |||
for the second hop contains the incoming interface address | for the second hop contains the incoming interface address | |||
2001:db8:2:3:31:: at N3. This matches with the expected interface | 2001:db8:2:3:31:: at N3. This matches the expected interface bound | |||
bound to End.X behavior 2001:db8:K:2:X31:: (link3). Similarly, the | to End.X behavior 2001:db8:K:2:X31:: (link3). Similarly, the | |||
information displayed for the fourth hop contains the incoming | information displayed for the fourth hop contains the incoming | |||
interface address 2001:db8:4:5::52:: at N5. This matches with the | interface address 2001:db8:4:5::52:: at N5. This matches the | |||
expected interface bound to the End.X behavior 2001:db8:K:4:X52:: | expected interface bound to the End.X behavior 2001:db8:K:4:X52:: | |||
(link10). | (link10). | |||
A.2.2. Traceroute to a SID | A.2.2. Traceroute to a SID | |||
The mechanism to traceroute an IPv6 Address via a Segment-list | The mechanism to traceroute an IPv6 address via a segment list | |||
described in the previous section applies equally to traceroute a | described in the previous section applies equally to traceroute a | |||
remote SID behavior, as explained using an example in the following. | remote SID behavior, as explained in the following example. The | |||
The example uses traceroute to an END SID, as described in [RFC8986], | example uses traceroute to an End SID, as described in [RFC8986], but | |||
but the procedure is equally applicable to tracerouting any other SID | the procedure is equally applicable to tracerouting any other SID | |||
behaviors. | behaviors. | |||
Please note that traceroute to a SID is exemplified using UDP probes. | Please note that traceroute to a SID is exemplified using UDP probes. | |||
However, the procedure is equally applicable to other implementations | However, the procedure is equally applicable to other implementations | |||
of traceroute mechanism. The UDP encoded message to traceroute a SID | of traceroute mechanism. The UDP encoded message to traceroute a SID | |||
would use the UDP ports assigned by IANA for "traceroute use". | would use the UDP ports assigned by IANA for "traceroute use". | |||
Consider the example where the user wants to traceroute a remote SID | Consider the example where the user wants to traceroute a remote SID | |||
2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The traceroute | 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The traceroute | |||
probe is processed at the individual nodes along the path as follows: | probe is processed at the individual nodes along the path as follows: | |||
o Node N1 initiates a traceroute probe packet as follows | * Node N1 initiates a traceroute probe packet as follows | |||
(2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::, | (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::, | |||
2001:db8:K:2:X31::; SL=1; NH=UDP)(Traceroute probe). The first | 2001:db8:K:2:X31::; SL=1; NH=UDP)(Traceroute probe). The first | |||
traceroute probe is sent with hop-count value set to 1. The hop- | traceroute probe is sent with the hop-count value set to 1. The | |||
count value is incremented by 1 for each following traceroute | hop-count value is incremented by 1 for each subsequent traceroute | |||
probes. | probe. | |||
o When node N2 receives the packet with hop-count = 1, it processes | * When node N2 receives the packet with hop-count = 1, it processes | |||
the hop-count expiry. Specifically, the node N2 responds with the | the hop-count expiry. Specifically, node N2 responds with the | |||
ICMPv6 message (Type: "Time Exceeded", Code: "Hop limit exceeded | ICMPv6 message (Type: "Time Exceeded", Code: "hop limit exceeded | |||
in transit"). The ICMPv6 response is IP routed. | in transit"). The ICMPv6 response is IP routed. | |||
o When Node N2 receives the packet with hop-count > 1, it performs | * When node N2 receives the packet with hop-count > 1, it performs | |||
the standard SRH processing. Specifically, it executes the End.X | the standard SRH processing. Specifically, it executes the End.X | |||
behavior indicated by the 2001:db8:K:2:X31:: SID on the traceroute | behavior indicated by the 2001:db8:K:2:X31:: SID on the traceroute | |||
probe. If 2001:db8:K:2:X31:: is a PSP SID, node N2 executes the | probe. If 2001:db8:K:2:X31:: is a PSP SID, node N2 executes the | |||
SID like any other data packet with DA = 2001:db8:K:2:X31:: and | SID like any other data packet with DA = 2001:db8:K:2:X31:: and | |||
removes the SRH. | removes the SRH. | |||
o When node N3, which is a non-SRv6 capable node, receives the | * When node N3, which is a non-SRv6-capable node, receives the | |||
packet with hop-count = 1, it processes the hop-count expiry. | packet with hop-count = 1, it processes the hop-count expiry. | |||
Specifically, the node N3 responds with the ICMPv6 message (Type: | Specifically, node N3 responds with the ICMPv6 message (Type: | |||
"Time Exceeded", Code: "Hop limit exceeded in Transit"). The | "Time Exceeded", Code: "Hop limit exceeded in transit"). The | |||
ICMPv6 response is IP routed. | ICMPv6 response is IP routed. | |||
o When node N3, which is a non-SRv6 capable node, receives the | * When node N3, which is a non-SRv6-capable node, receives the | |||
packet with hop-count > 1, it performs the standard IPv6 | packet with hop-count > 1, it performs the standard IPv6 | |||
processing. Specifically, it forwards the traceroute probe based | processing. Specifically, it forwards the traceroute probe based | |||
on DA 2001:db8:K:4:: in the IPv6 header. | on DA 2001:db8:K:4:: in the IPv6 header. | |||
o When node N4 receives the packet with DA set to the local SID | * When node N4 receives the packet with DA set to the local SID | |||
2001:db8:K:4::, it processes the END SID. | 2001:db8:K:4::, it processes the End SID. | |||
o If the target SID (2001:db8:K:4::) is not locally instantiated and | * If the target SID (2001:db8:K:4::) is not locally instantiated and | |||
does not represent a local interface, the packet is discarded. | does not represent a local interface, the packet is discarded. | |||
o If the target SID (2001:db8:K:4::) is locally instantiated or | * If the target SID (2001:db8:K:4::) is locally instantiated or | |||
represents a local interface, the node processes the upper layer | represents a local interface, the node processes the upper-layer | |||
header. As part of the upper layer header processing node N4 | header. As part of the upper-layer header processing, node N4 | |||
responds with the ICMPv6 message (Type: Destination unreachable, | responds with the ICMPv6 message (Type: "Destination Unreachable", | |||
Code: Port Unreachable). The ICMPv6 response is IP routed. | Code: "Port Unreachable"). The ICMPv6 response is IP routed. | |||
Figure 4 displays a sample traceroute output for this example. | Figure 4 displays a sample traceroute output for this example. | |||
> traceroute 2001:db8:K:4:X52:: via segment-list 2001:db8:K:2:X31:: | > traceroute 2001:db8:K:4:X52:: via segment list 2001:db8:K:2:X31:: | |||
Tracing the route to SID 2001:db8:K:4:X52:: | Tracing the route to SID 2001:db8:K:4:X52:: | |||
1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec | 1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec | |||
DA: 2001:db8:K:2:X31::, | DA: 2001:db8:K:2:X31::, | |||
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1) | SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1) | |||
2 2001:db8:3:2:21:: 0.721 msec 0.810 msec 0.795 msec | 2 2001:db8:3:2:21:: 0.721 msec 0.810 msec 0.795 msec | |||
DA: 2001:db8:K:4:X52::, | DA: 2001:db8:K:4:X52::, | |||
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) | SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) | |||
3 2001:db8:4:3:41:: 0.921 msec 0.816 msec 0.759 msec | 3 2001:db8:4:3:41:: 0.921 msec 0.816 msec 0.759 msec | |||
DA: 2001:db8:K:4:X52::, | DA: 2001:db8:K:4:X52::, | |||
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) | SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) | |||
Figure 4 A sample output for hop-by-hop traceroute to a SID | Figure 4: Sample Output for Hop-by-Hop Traceroute to a SID | |||
A.3. A Hybrid OAM Using O-flag | A.3. Hybrid OAM Using the OAM Flag | |||
This section illustrates a hybrid OAM mechanism using the the O-flag. | This section illustrates a hybrid OAM mechanism using the O-flag. | |||
Without loss of the generality, the illustration assumes N100 is a | Without loss of the generality, the illustration assumes N100 is a | |||
centralized controller. | centralized controller. | |||
The illustration is different than the In-situ OAM defined in [I.D- | This illustration is different from the "in situ OAM" defined in | |||
draft-ietf-ippm-ioam-data]. This is because In-situ OAM records | [RFC9197]. This is because in situ OAM records operational and | |||
operational and telemetry information in the packet as the packet | telemetry information in the packet as the packet traverses a path | |||
traverses a path between two points in the network [I.D-draft-ietf- | between two points in the network [RFC9197]. The illustration in | |||
ippm-ioam-data]. The illustration in this subsection does not | this subsection does not require the recording of OAM data in the | |||
require the recording of OAM data in the packet. | packet. | |||
The illustration does not assume any formats for exporting the data | The illustration does not assume any formats for exporting the data | |||
elements or the data elements that need to be exported. The | elements or the data elements that need to be exported. The | |||
illustration assumes system clocks among all nodes in the SR domain | illustration assumes system clocks among all nodes in the SR domain | |||
are synchronized. | are synchronized. | |||
Consider the example where the user wants to monitor sampled IPv4 VPN | Consider the example where the user wants to monitor sampled IPv4 VPN | |||
999 traffic going from CE1 to CE2 via a low latency SR policy P | 999 traffic going from CE1 to CE2 via a low-latency SR policy P | |||
installed at Node N1. To exercise a low latency path, the SR Policy | installed at node N1. To exercise a low-latency path, the SR Policy | |||
P forces the packet via segments 2001:db8:K:2:X31:: and | P forces the packet via segments 2001:db8:K:2:X31:: and | |||
2001:db8:K:4:X52::. The VPN SID at N7 associated with VPN 999 is | 2001:db8:K:4:X52::. The VPN SID at N7 associated with VPN 999 is | |||
2001:db8:K:7:DT999::. 2001:db8:K:7:DT999:: is a USP SID. N1, N4, | 2001:db8:K:7:DT999::. 2001:db8:K:7:DT999:: is a USP SID. N1, N4, | |||
and N7 are capable of processing O-flag but N2 is not capable of | and N7 are capable of processing the O-flag, but N2 is not capable of | |||
processing O-flag. N100 is the centralized controller capable of | processing the O-flag. N100 is the centralized controller capable of | |||
processing and correlating the copy of the packets sent from nodes | processing and correlating the copy of the packets sent from nodes | |||
N1, N4, and N7. N100 is aware of O-flag processing capabilities. | N1, N4, and N7. N100 is aware of O-flag processing capabilities. | |||
Controller N100 with the help from nodes N1, N4, N7 and implements a | Controller N100, with help from nodes N1, N4, and N7, implements a | |||
hybrid OAM mechanism using the O-flag as follows: | hybrid OAM mechanism using the O-flag as follows: | |||
o A packet P1:(IPv4 header)(payload) is sent from CE1 to Node N1. | * A packet P1:(IPv4 header)(payload) is sent from CE1 to node N1. | |||
o Node N1 steers the packet P1 through the Policy P. Based on a | * Node N1 steers packet P1 through the Policy P. Based on local | |||
local configuration, Node N1 also implements logic to sample | configuration, node N1 also implements logic to sample traffic | |||
traffic steered through policy P for hybrid OAM purposes. | steered through policy P for hybrid OAM purposes. Specification | |||
Specification for the sampling logic is beyond the scope of this | for the sampling logic is beyond the scope of this document. | |||
document. Consider the case where packet P1 is classified as a | Consider the case where packet P1 is classified as a packet to be | |||
packet to be monitored via the hybrid OAM. Node N1 sets O-flag | monitored via the hybrid OAM. Node N1 sets the O-flag during the | |||
during the encapsulation required by policy P. As part of setting | encapsulation required by policy P. As part of setting the | |||
the O-flag, node N1 also sends a timestamped copy of the packet | O-flag, node N1 also sends a timestamped copy of packet P1: | |||
P1: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:7:DT999::, | (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:7:DT999::, | |||
2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O-flag=1; | 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O-flag=1; | |||
NH=IPv4)(IPv4 header)(payload) to a local OAM process. The local | NH=IPv4)(IPv4 header)(payload) to a local OAM process. The local | |||
OAM process sends a full or partial copy of the packet P1 to the | OAM process sends a full or partial copy of packet P1 to the | |||
controller N100. The OAM process includes the recorded timestamp, | controller N100. The OAM process includes the recorded timestamp, | |||
additional OAM information like incoming and outgoing interface, | additional OAM information (like incoming and outgoing interface), | |||
etc. along with any applicable metadata. Node N1 forwards the | and any applicable metadata. Node N1 forwards the original packet | |||
original packet towards the next segment 2001:db8:K:2:X31::. | towards the next segment 2001:db8:K:2:X31::. | |||
o When node N2 receives the packet with O-flag set, it ignores the | * When node N2 receives the packet with the O-flag set, it ignores | |||
O-flag. This is because node N2 is not capable of processing the | the O-flag. This is because node N2 is not capable of processing | |||
O-flag. Node N2 performs the standard SRv6 SID and SRH | the O-flag. Node N2 performs the standard SRv6 SID and SRH | |||
processing. Specifically, it executes the End.X behavior | processing. Specifically, it executes the End.X behavior | |||
indicated by the 2001:db8:K:2:X31:: SID as described in [RFC8986] | indicated by the 2001:db8:K:2:X31:: SID as described in [RFC8986] | |||
and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::) | and forwards packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::) | |||
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; | (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; | |||
SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link 3 towards | SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link3 towards | |||
Node N3. | node N3. | |||
o When node N3, which is a non-SRv6 capable node, receives the | ||||
packet P1 , it performs the standard IPv6 processing. | ||||
Specifically, it forwards the packet P1 based on DA | * When node N3, which is a non-SRv6-capable node, receives packet | |||
2001:db8:K:4:X52:: in the IPv6 header. | P1, it performs the standard IPv6 processing. Specifically, it | |||
forwards packet P1 based on DA 2001:db8:K:4:X52:: in the IPv6 | ||||
header. | ||||
o When node N4 receives the packet P1 (2001:db8:L:1::, | * When node N4 receives packet P1 (2001:db8:L:1::, | |||
2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, | 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, | |||
2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 | 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 | |||
header)(payload), it processes the O-flag. As part of processing | header)(payload), it processes the O-flag. As part of processing | |||
the O-flag, it sends a timestamped copy of the packet to a local | the O-flag, it sends a timestamped copy of the packet to a local | |||
OAM process. Based on a local configuration, the local OAM | OAM process. Based on local configuration, the local OAM process | |||
process sends a full or partial copy of the packet P1 to the | sends a full or partial copy of packet P1 to the controller N100. | |||
controller N100. The OAM process includes the recorded timestamp, | The OAM process includes the recorded timestamp, additional OAM | |||
additional OAM information like incoming and outgoing interface, | information (like incoming and outgoing interface, etc.), and any | |||
etc. along with any applicable metadata. Node N4 performs the | applicable metadata. Node N4 performs the standard SRv6 SID and | |||
standard SRv6 SID and SRH processing on the original packet P1. | SRH processing on the original packet P1. Specifically, it | |||
Specifically, it executes the End.X behavior indicated by the | executes the End.X behavior indicated by the 2001:db8:K:4:X52:: | |||
2001:db8:K:4:X52:: SID and forwards the packet P1 (2001:db8:L:1::, | SID and forwards packet P1 (2001:db8:L:1::, 2001:db8:K:7:DT999::) | |||
2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, | (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; | |||
2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload) | SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link10 towards | |||
over link 10 towards Node N5. | node N5. | |||
o When node N5, which is a non-SRv6 capable node, receives the | * When node N5, which is a non-SRv6-capable node, receives packet | |||
packet P1, it performs the standard IPv6 processing. | P1, it performs the standard IPv6 processing. Specifically, it | |||
Specifically, it forwards the packet based on DA | forwards the packet based on DA 2001:db8:K:7:DT999:: in the IPv6 | |||
2001:db8:K:7:DT999:: in the IPv6 header. | header. | |||
o When node N7 receives the packet P1 (2001:db8:L:1::, | * When node N7 receives packet P1 (2001:db8:L:1::, | |||
2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, | 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, | |||
2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 | 2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 | |||
header)(payload), it processes the O-flag. As part of processing | header)(payload), it processes the O-flag. As part of processing | |||
the O-flag, it sends a timestamped copy of the packet to a local | the O-flag, it sends a timestamped copy of the packet to a local | |||
OAM process. The local OAM process sends a full or partial copy | OAM process. The local OAM process sends a full or partial copy | |||
of the packet P1 to the controller N100. The OAM process includes | of packet P1 to the controller N100. The OAM process includes the | |||
the recorded timestamp, additional OAM information like incoming | recorded timestamp, additional OAM information (like incoming and | |||
and outgoing interface, etc. along with any applicable metadata. | outgoing interface, etc.), and any applicable metadata. Node N7 | |||
Node N7 performs the standard SRv6 SID and SRH processing on the | performs the standard SRv6 SID and SRH processing on the original | |||
original packet P1. Specifically, it executes the VPN SID | packet P1. Specifically, it executes the VPN SID indicated by the | |||
indicated by the 2001:db8:K:7:DT999:: SID and based on lookup in | 2001:db8:K:7:DT999:: SID and, based on lookup in table 100, | |||
table 100 forwards the packet P1 (IPv4 header)(payload) towards CE | forwards packet P1 (IPv4 header)(payload) towards CE2. | |||
2. | ||||
o The controller N100 processes and correlates the copy of the | * The controller N100 processes and correlates the copy of the | |||
packets sent from nodes N1, N4 and N7 to find segment-by-segment | packets sent from nodes N1, N4, and N7 to find segment-by-segment | |||
delays and provide other hybrid OAM information related to packet | delays and provide other hybrid OAM information related to packet | |||
P1. For segment-by-segment delay computation, it is assumed that | P1. For segment-by-segment delay computation, it is assumed that | |||
clock are synchronized time across the SR domain. | clocks are synchronized time across the SR domain. | |||
o The process continues for any other sampled packets. | * The process continues for any other sampled packets. | |||
A.4. Monitoring of SRv6 Paths | A.4. Monitoring of SRv6 Paths | |||
In the recent past, network operators demonstrated interest in | In the recent past, network operators demonstrated interest in | |||
performing network OAM functions in a centralized manner. [RFC8403] | performing network OAM functions in a centralized manner. [RFC8403] | |||
describes such a centralized OAM mechanism. Specifically, the | describes such a centralized OAM mechanism. Specifically, [RFC8403] | |||
document describes a procedure that can be used to perform path | describes a procedure that can be used to perform path continuity | |||
continuity check between any nodes within an SR domain from a | checks between any nodes within an SR domain from a centralized | |||
centralized monitoring system. However, the document focuses on SR | monitoring system. However, while [RFC8403] focuses on SR networks | |||
networks with MPLS data plane. This document describes how the | with MPLS data plane, this document describes how the concept can be | |||
concept can be used to perform path monitoring in an SRv6 network | used to perform path monitoring in an SRv6 network from a centralized | |||
from a centralized controller. | controller. | |||
In the reference topology in Figure 1, N100 uses an IGP protocol like | In the reference topology in Figure 1, N100 uses an IGP protocol like | |||
OSPF or IS-IS to get the topology view within the IGP domain. N100 | OSPF or IS-IS to get a view of the topology within the IGP domain. | |||
can also use BGP-LS to get the complete view of an inter-domain | N100 can also use BGP-LS to get the complete view of an inter-domain | |||
topology. The controller leverages the visibility of the topology to | topology. The controller leverages the visibility of the topology to | |||
monitor the paths between the various endpoints. | monitor the paths between the various endpoints. | |||
The controller N100 advertises an END SID [RFC8986] | The controller N100 advertises an End SID [RFC8986] | |||
2001:db8:K:100:1::. To monitor any arbitrary SRv6 paths, the | 2001:db8:K:100:1::. To monitor any arbitrary SRv6 paths, the | |||
controller can create a loopback probe that originates and terminates | controller can create a loopback probe that originates and terminates | |||
on Node N100. To distinguish between a failure in the monitored path | on node N100. To distinguish between a failure in the monitored path | |||
and loss of connectivity between the controller and the network, Node | and loss of connectivity between the controller and the network, node | |||
N100 runs a suitable mechanism to monitor its connectivity to the | N100 runs a suitable mechanism to monitor its connectivity to the | |||
monitored network. | monitored network. | |||
The loopback probes are exemplified using an example where controller | The following example illustrates loopback probes in which controller | |||
N100 needs to verify a segment list <2001:db8:K:2:X31::, | N100 needs to verify a segment list <2001:db8:K:2:X31::, | |||
2001:db8:K:4:X52::>: | 2001:db8:K:4:X52::>: | |||
o N100 generates an OAM packet (2001:db8:L:100::, | * N100 generates an OAM packet (2001:db8:L:100::, | |||
2001:db8:K:2:X31::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, | 2001:db8:K:2:X31::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, | |||
2001:db8:K:2:X31::, SL=2)(OAM Payload). The controller routes the | 2001:db8:K:2:X31::, SL=2)(OAM Payload). The controller routes the | |||
probe packet towards the first segment, which is | probe packet towards the first segment, which is | |||
2001:db8:K:2:X31::. | 2001:db8:K:2:X31::. | |||
o Node N2 executes the End.X behavior indicated by the | * Node N2 executes the End.X behavior indicated by the | |||
2001:db8:K:2:X31:: SID and forwards the packet (2001:db8:L:100::, | 2001:db8:K:2:X31:: SID and forwards the packet (2001:db8:L:100::, | |||
2001:db8:K:4:X52::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, | 2001:db8:K:4:X52::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, | |||
2001:db8:K:2:X31::, SL=1)(OAM Payload) on link3 to N3. | 2001:db8:K:2:X31::, SL=1)(OAM Payload) on link3 to N3. | |||
o Node N3, which is a non-SRv6 capable node, performs the standard | * Node N3, which is a non-SRv6-capable node, performs the standard | |||
IPv6 processing. Specifically, it forwards the packet based on | IPv6 processing. Specifically, it forwards the packet based on DA | |||
the DA 2001:db8:K:4:X52:: in the IPv6 header. | 2001:db8:K:4:X52:: in the IPv6 header. | |||
o Node N4 executes the End.X behavior indicated by the | * Node N4 executes the End.X behavior indicated by the | |||
2001:db8:K:4:X52:: SID and forwards the packet (2001:db8:L:100::, | 2001:db8:K:4:X52:: SID and forwards the packet (2001:db8:L:100::, | |||
2001:db8:K:100:1::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, | 2001:db8:K:100:1::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, | |||
2001:db8:K:2:X31::, SL=0)(OAM Payload) on link10 to N5. | 2001:db8:K:2:X31::, SL=0)(OAM Payload) on link10 to N5. | |||
o Node N5, which is a non-SRv6 capable node, performs the standard | * Node N5, which is a non-SRv6-capable node, performs the standard | |||
IPv6 processing. Specifically, it forwards the packet based on | IPv6 processing. Specifically, it forwards the packet based on DA | |||
the DA 2001:db8:K:100:1:: in the IPv6 header. | 2001:db8:K:100:1:: in the IPv6 header. | |||
o Node N100 executes the standard SRv6 END behavior. It | * Node N100 executes the standard SRv6 END behavior. It | |||
decapsulates the header and consume the probe for OAM processing. | decapsulates the header and consumes the probe for OAM processing. | |||
The information in the OAM payload is used to detect any missing | The information in the OAM payload is used to detect missing | |||
probes, round trip delay, etc. | probes, round-trip delay, etc. | |||
The OAM payload type or the information carried in the OAM probe is a | The OAM payload type or the information carried in the OAM probe is a | |||
local implementation decision at the controller and is outside the | local implementation decision at the controller and is outside the | |||
scope of this document. | scope of this document. | |||
Appendix B. Acknowledgements | Acknowledgements | |||
The authors would like to thank Joel M. Halpern, Greg Mirsky, Bob | The authors would like to thank Joel M. Halpern, Greg Mirsky, Bob | |||
Hinden, Loa Andersson, Gaurav Naik, Ketan Talaulikar and Haoyu Song | Hinden, Loa Andersson, Gaurav Naik, Ketan Talaulikar, and Haoyu Song | |||
for their review comments. | for their review comments. | |||
Appendix C. Contributors | Contributors | |||
The following people have contributed to this document: | The following people contributed to this document: | |||
Robert Raszuk | Robert Raszuk | |||
Bloomberg LP | Bloomberg LP | |||
Email: robert@raszuk.net | Email: robert@raszuk.net | |||
John Leddy | John Leddy | |||
Individual | Individual | |||
Email: john@leddy.net | Email: john@leddy.net | |||
Gaurav Dawra | Gaurav Dawra | |||
Email: gdawra.ietf@gmail.com | Email: gdawra.ietf@gmail.com | |||
Bart Peirens | Bart Peirens | |||
Proximus | Proximus | |||
Email: bart.peirens@proximus.com | Email: bart.peirens@proximus.com | |||
Nagendra Kumar | ||||
Cisco Systems, Inc. | ||||
Email: naikumar@cisco.com | ||||
Carlos Pignataro | Nagendra Kumar | |||
Cisco Systems, Inc. | Cisco Systems, Inc. | |||
Email: cpignata@cisco.com | Email: naikumar@cisco.com | |||
Rakesh Gandhi | Carlos Pignataro | |||
Cisco Systems, Inc. | Cisco Systems, Inc. | |||
Canada | Email: cpignata@cisco.com | |||
Email: rgandhi@cisco.com | ||||
Frank Brockners | Rakesh Gandhi | |||
Cisco Systems, Inc. | Cisco Systems, Inc. | |||
Germany | Email: rgandhi@cisco.com | |||
Email: fbrockne@cisco.com | ||||
Darren Dukes | Frank Brockners | |||
Cisco Systems, Inc. | Cisco Systems, Inc. | |||
Email: ddukes@cisco.com | Email: fbrockne@cisco.com | |||
Cheng Li | Darren Dukes | |||
Huawei | Cisco Systems, Inc. | |||
Email: chengli13@huawei.com | Email: ddukes@cisco.com | |||
Faisal Iqbal | Cheng Li | |||
Individual | Huawei | |||
Email: faisal.ietf@gmail.com | Email: chengli13@huawei.com | |||
Faisal Iqbal | ||||
Individual | ||||
Email: faisal.ietf@gmail.com | ||||
Authors' Addresses | Authors' Addresses | |||
Zafar Ali | Zafar Ali | |||
Cisco Systems | Cisco Systems | |||
Email: zali@cisco.com | Email: zali@cisco.com | |||
Clarence Filsfils | Clarence Filsfils | |||
Cisco Systems | Cisco Systems | |||
Email: cfilsfil@cisco.com | Email: cfilsfil@cisco.com | |||
Satoru Matsushima | Satoru Matsushima | |||
Softbank | Softbank | |||
Email: satoru.matsushima@g.softbank.co.jp | Email: satoru.matsushima@g.softbank.co.jp | |||
Daniel Voyer | Daniel Voyer | |||
Bell Canada | Bell Canada | |||
Email: daniel.voyer@bell.ca | Email: daniel.voyer@bell.ca | |||
Mach Chen | Mach(Guoyi) Chen | |||
Huawei | Huawei | |||
Email: mach.chen@huawei.com | Email: mach.chen@huawei.com | |||
End of changes. 185 change blocks. | ||||
488 lines changed or deleted | 474 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |